-
ElevenLabs
· ElevenLabs Usage Policy
ElevenLabs reserves the right to suspend or terminate user accounts without prior notice based on its determination that conduct violates the terms or is otherwise harmful, including at its sole discretion....
Why it matters: This provision establishes unilateral enforcement authority over account access, which for enterprise API customers and developers represents potential disruption to operational infrastructure and downstream services that depend on continued platform access; the absence of a specified notice or cure period creates operational continuity risk for business users....
-
ElevenLabs
· ElevenLabs Usage Policy
The policy prohibits generating voice content that constitutes threats, harassment, incitement to violence, or hate speech targeting individuals or groups based on protected characteristics....
Why it matters: This provision establishes content moderation standards that intersect with platform liability frameworks under Section 230 of the Communications Decency Act and, for EU-based operations, the Digital Services Act's requirements for illegal content removal; enterprise customers distributing AI-generated content through their own platforms must assess their own independent obligations under these frameworks....
-
ElevenLabs
· ElevenLabs Usage Policy
The policy prohibits using ElevenLabs as a component of coordinated disinformation operations, influence campaigns, or automated systems generating synthetic content at scale to manipulate public opinion....
Why it matters: This provision addresses the use of AI voice generation infrastructure in information operations, which engages both domestic and foreign election interference statutes and is an active focus of FTC and DOJ enforcement attention; enterprise users with high-volume API usage should assess whether their use cases could be characterized as coordinated synthetic content generation at scale....
-
Roblox
· Roblox Privacy and Cookie Policy
The April 30, 2026 update adds language to the policy describing Roblox's practices for sharing user information with law enforcement and government authorities. The specific scope and conditions of this sharing are described in the updated policy body....
Why it matters: This provision discloses that Roblox shares user information with law enforcement and government authorities, a practice with significant implications for user privacy and for compliance with legal process obligations under applicable law. The provision is newly added as of the April 2026 effective date....
-
Roblox
· Roblox Privacy and Cookie Policy
The policy states that Roblox will not collect additional personal information from users under 13 beyond what is required for account setup and protection, and will delete any excess personal information received, cancel the account, or apply age-appropriate protections....
Why it matters: This provision operationalizes COPPA's data minimization requirement for child users and establishes three specific remedial actions Roblox states it will take upon receiving excess personal information from under-13 users. The provision also reflects the policy's stated commitment to filtering public communications from child users to remove personal information....
-
Monitoring
These provisions have changed before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
-
Roblox
· Roblox Privacy and Cookie Policy
The policy states that Roblox collects IP addresses and unique device identifiers from users including those under 13, and uses these persistent identifiers for six specified internal operations including contextual advertising and content personalization. The policy states that technical and contractual measures are implemented to prevent use of persistent identifiers beyond these stated purposes....
Why it matters: This provision authorizes collection of IP addresses and device identifiers from child users under the COPPA internal operations exception, which permits such collection without verifiable parental consent when limited to the specified purposes. The inclusion of contextual advertising within the permitted internal operations is a notable disclosure, as COPPA's internal operations exception does not permit behavioral advertising to children....
-
Roblox
· Roblox Privacy and Cookie Policy
The policy states that Roblox limits data retention to what is reasonably necessary for specified purposes and employs access controls, purpose-based tagging, employee training, and data segregation to manage data. Persistent identifiers may be retained for safety and security purposes for up to two years following account deletion....
Why it matters: This provision establishes a stated retention framework and specifies a two-year post-deletion retention window for persistent identifiers for safety and security purposes. The two-year post-deletion retention period is an operationally significant disclosure for users who delete their accounts, as identifiers including IP addresses and device identifiers may continue to be processed during that period....
-
Roblox
· Roblox Privacy and Cookie Policy
The policy is titled the Roblox Privacy and Cookie Policy and addresses cookie and tracking technology practices as part of the overall data collection framework. The document references a separate cookie policy framework applicable to Roblox's websites and services....
Why it matters: The policy's combined privacy and cookie governance structure means that cookie consent mechanisms, opt-out rights, and tracking technology disclosures are addressed within a single document, which has operational implications for compliance with GDPR's ePrivacy Directive requirements and US state opt-out rights for targeted advertising using cookies and similar technologies....
-
Roblox
· Roblox Privacy and Cookie Policy
The policy appoints Article 27 EU and UK GDPR representatives and an Article 37 DPO for EU users, and provides separate contact details for EEA, UK, Switzerland, Brazil, Korea, and US state privacy requests. Region-specific addenda govern additional rights for users in those jurisdictions....
Why it matters: The appointment of Article 27 representatives and an Article 37 DPO reflects compliance with GDPR requirements for non-EU controllers processing EU personal data. The policy's multi-jurisdictional structure, including separate addenda for US states, Brazil, and Korea, creates a layered compliance framework where the addenda govern over the main policy in case of conflict....
-
Perplexity AI
· Perplexity Acceptable Use Policy
The policy prohibits using the platform to generate content that provides meaningful assistance to efforts to create biological, chemical, nuclear, or radiological weapons capable of mass casualties....
Why it matters: This provision establishes a prohibited use category that aligns with US export control frameworks, including Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR), as well as biosecurity statutes. The term 'serious uplift' is not defined in the document, which creates interpretive uncertainty regarding where informational content ends and prohibited assistance begins....
-
Perplexity AI
· Perplexity Acceptable Use Policy
The policy prohibits using the platform to generate political rhetoric intended to alter political views or sow division, political advertising or propaganda, content targeting based on political ideology, disinformation, fake news, or content that could undermine election integrity....
Why it matters: This provision contains several broadly framed categories, including 'rhetoric that could unduly alter people's political views' and content that could 'sow division,' that are not defined in the document. These categories create significant enforcement discretion for Perplexity and may affect users engaged in legitimate political commentary, journalism, academic research, or civic education. The disinformation prohibition also engages emerging platform content liability frameworks including the EU Digital Services Act....
-
Perplexity AI
· Perplexity Acceptable Use Policy
The policy prohibits using Perplexity outputs to represent AI-generated content as human-generated in contexts where such misrepresentation could deceive the recipient....
Why it matters: This provision engages FTC guidance on AI-generated content disclosure and the EU AI Act's transparency requirements for AI-generated content, particularly in contexts such as customer service, journalism, academic submission, and legal proceedings. The clause is qualified by 'in contexts where this could mislead,' which preserves some discretion regarding fictional or clearly labeled creative uses....
-
Perplexity AI
· Perplexity Acceptable Use Policy
The policy reserves to Perplexity the right to suspend or terminate a user's access to the platform for violations of the AUP, without specifying a notice requirement, investigation procedure, or appeal mechanism in this document....
Why it matters: This provision establishes a unilateral enforcement mechanism that applies to all users, including API-dependent enterprise customers, without a documented procedural framework for notice, investigation, or appeal. For business users relying on Perplexity's API for operational workflows, the absence of stated procedural protections creates operational continuity risk....
-
Perplexity AI
· Perplexity Acceptable Use Policy
The policy reserves to Perplexity the right to update the AUP at any time, and states that continued use of the platform after an update constitutes the user's agreement to the revised terms, without specifying a notice period or notification mechanism....
Why it matters: This provision establishes a unilateral amendment mechanism under which users are bound by revised AUP terms through continued platform use. The document does not specify a minimum notice period before updated terms take effect, which may require evaluation under GDPR consent requirements for EU users and CCPA disclosure obligations for California residents....
-
Perplexity AI
· Perplexity Acceptable Use Policy
The policy prohibits using the platform to collect personal data without authorization, conduct surveillance, or distribute personal information about others without their consent....
Why it matters: This provision establishes a prohibited use category that interacts with GDPR, CCPA, and other privacy frameworks, and may be relevant for enterprise users who query the platform using third-party personal data without authorization. The prohibition on 'unauthorized data collection' is not further defined in the document....
-
Perplexity AI
· Perplexity Acceptable Use Policy
The policy prohibits users from attempting to bypass, disable, or work around safety measures, content filtering systems, or platform restrictions implemented by Perplexity....
Why it matters: This provision establishes a broadly framed prohibition on circumvention of platform safety controls, which may encompass prompt injection, jailbreaking, and similar adversarial techniques. The scope of 'other restrictions' is not defined, which creates interpretive breadth. This provision interacts with the Computer Fraud and Abuse Act (CFAA) in contexts where circumvention attempts involve unauthorized access....
-
OpenAI
· OpenAI API Data Usage Policies
The document states that inputs and outputs submitted through the OpenAI API or ChatGPT Enterprise are not used to train OpenAI models by default, and that training use requires explicit customer opt-in....
Why it matters: This provision establishes the primary data use boundary for enterprise and API customers, directly affecting purpose limitation and data minimization compliance under GDPR and equivalent frameworks. The default exclusion from model training is a material operational distinction from consumer-tier ChatGPT accounts, where different terms may apply....
-
OpenAI
· OpenAI API Data Usage Policies
The document asserts that customers retain ownership of the inputs they submit and the outputs they receive through the enterprise and API tiers....
Why it matters: This provision establishes the ownership framework for enterprise-generated content, which is relevant to intellectual property management, downstream licensing, and data portability considerations for business customers....
-
OpenAI
· OpenAI API Data Usage Policies
The document states that OpenAI offers a Data Processing Addendum incorporating Standard Contractual Clauses to support GDPR compliance for customers processing EU personal data through the API or ChatGPT Enterprise....
Why it matters: This provision establishes the contractual mechanism for GDPR Article 28 processor compliance and cross-border data transfer requirements for EU/EEA customers, and is the operative instrument for organizations with EU data protection obligations using OpenAI services....
-
OpenAI
· OpenAI API Data Usage Policies
The document states that OpenAI can execute Business Associate Agreements with HIPAA-covered entities and business associates requiring contractual HIPAA protections for their use of OpenAI services....
Why it matters: This provision establishes that OpenAI offers BAA execution as a contractual mechanism for healthcare sector customers subject to HIPAA, which is a prerequisite for lawful processing of protected health information through OpenAI services....
-
OpenAI
· OpenAI API Data Usage Policies
The document states that OpenAI provides Standard Contractual Clauses as the legal mechanism for cross-border personal data transfers from the EU to the United States and other non-adequate countries....
Why it matters: Under GDPR Chapter V, cross-border transfers of personal data to non-adequate third countries require an approved transfer mechanism; this provision discloses that OpenAI uses Standard Contractual Clauses as that mechanism for EU-originating enterprise and API data....
-
Perplexity AI
· Perplexity Privacy Policy
The policy states that Perplexity collects directly provided identifiers (name, email, phone, payment details) and automatically collected data including device information, IP address, search queries, conversation history, and voice or audio data from voice features....
Why it matters: This provision establishes the full scope of personal data collection, including voice and audio data which may be subject to additional state-level protections (such as Illinois BIPA or Washington's My Health MY Data Act depending on data type) and GDPR requirements for processing biometric or sensitive personal data categories....
-
Perplexity AI
· Perplexity Privacy Policy
The policy discloses that California residents have CCPA/CPRA rights to access, delete, correct, and opt out of the sale or sharing of personal information, exercisable through Perplexity's privacy rights form....
Why it matters: This provision establishes the mechanism through which California residents may exercise statutory rights under CCPA and CPRA. The operational completeness of the privacy rights form and Perplexity's response timelines are subject to CPRA enforcement by the California Privacy Protection Agency....
-
Perplexity AI
· Perplexity Privacy Policy
The policy states that EEA and UK users' data is processed on lawful bases including consent, legitimate interests, and contractual necessity, and that cross-border transfers outside the EEA and UK are conducted using appropriate safeguards such as standard contractual clauses....
Why it matters: This provision establishes the legal framework governing EEA and UK user data, including the reliance on standard contractual clauses for international transfers. The adequacy of these safeguards and the validity of the legitimate interest basis for AI training and advertising processing are subject to evaluation by EU supervisory authorities and the UK ICO....
-
Perplexity AI
· Perplexity Privacy Policy
The policy states the service is not directed at children under 13 and that Perplexity will delete personal information if it discovers it was collected from a child under 13....
Why it matters: This provision establishes a COPPA-aligned age threshold, but relies on a reactive rather than proactive verification mechanism. The policy does not describe what age verification procedures are in place to prevent collection from users under 13 in the first instance....
-
Perplexity AI
· Perplexity Privacy Policy
The policy states that personal data is retained for as long as necessary for service delivery, legal compliance, dispute resolution, and enforcement, with extended retention permitted for legal or legitimate business reasons....
Why it matters: This provision does not specify retention periods for individual data categories, including conversation history and voice data, which creates compliance uncertainty under GDPR's data minimization and storage limitation principles and under state privacy laws requiring disclosure of retention practices....
-
Perplexity AI
· Perplexity Privacy Policy
The policy states that material changes will be communicated by email or website notice before taking effect, and that continued use of the service after changes constitutes acceptance of the updated terms....
Why it matters: The continued use equals acceptance mechanism establishes an implied consent framework for policy updates. Under GDPR, material changes to processing activities may require renewed explicit consent rather than implied acceptance through continued use, particularly for processing based on consent as the legal basis....
-
Perplexity AI
· Perplexity AI Privacy Policy
The policy authorizes sharing of user identifiers, device information, and interaction data with advertising partners for targeted advertising and campaign measurement. This data sharing is distinct from sharing with AI model providers....
Why it matters: This provision authorizes sharing of personal data with advertising partners, which constitutes a sale or sharing of personal information under CCPA for California residents and requires a valid lawful basis under GDPR, typically consent for behavioral advertising. The provision engages CCPA opt-out rights and GDPR consent requirements for targeted advertising....
-
Perplexity AI
· Perplexity AI Privacy Policy
The policy grants California residents rights under CCPA and CPRA including access, deletion, correction, opt-out of sale and sharing, and limitation of sensitive personal information use. These rights are exercisable by contacting Perplexity....
Why it matters: This provision establishes the operational framework under which California residents can exercise statutory privacy rights. Compliance teams should verify that each enumerated right is technically and procedurally implemented, including response timelines required by CCPA and CPRA....
-
Perplexity AI
· Perplexity AI Privacy Policy
The policy grants EU, EEA, UK, and Switzerland-based users data subject rights under GDPR and equivalent laws, including access, rectification, erasure, restriction, objection, and data portability. Users in these jurisdictions may also complain to their local data protection authority....
Why it matters: This provision establishes GDPR data subject rights for EU/EEA, UK, and Swiss users and references the right to complain to supervisory authorities, which is a mandatory GDPR transparency requirement. The operational implementation of these rights, including response mechanisms and lawful basis documentation, is a primary compliance focus for GDPR-regulated operations....
-
Perplexity AI
· Perplexity AI Privacy Policy
The policy states that Perplexity's services are not directed to users under 13, that the platform does not knowingly collect personal data from children under 13, and that such data will be deleted if inadvertently collected. The policy does not describe age verification mechanisms....
Why it matters: This provision establishes COPPA compliance posture for US operations. The absence of described age verification mechanisms raises a practical question about how the under-13 restriction is enforced operationally, which is an active area of FTC scrutiny for online services....
-
Perplexity AI
· Perplexity AI Privacy Policy
The policy states that personal data is retained for the period necessary for service provision, legal compliance, dispute resolution, and agreement enforcement, without specifying fixed retention periods for any data category. Retention duration is described as dependent on data type and collection purpose....
Why it matters: The absence of specified retention periods for distinct data categories, including query content, voice audio, and conversation history, creates uncertainty for compliance assessments and may engage GDPR storage limitation requirements, which mandate that personal data not be retained longer than necessary for the specified purpose....
-
Perplexity AI
· Perplexity Enterprise Terms
The enterprise terms establish restrictions on how the Perplexity AI platform may be used by enterprise customers and their authorized end users, prohibiting uses that violate applicable law, infringe third-party rights, or fall outside permitted commercial purposes....
Why it matters: This provision defines the operational boundaries of permissible platform use for enterprise deployments and establishes the basis on which Perplexity may suspend or terminate access for non-compliant use by the enterprise customer or its end users....
-
Perplexity AI
· Perplexity Enterprise Terms
The agreement addresses ownership of intellectual property rights in content submitted by enterprise customers and in AI-generated outputs produced by the Perplexity platform, establishing the respective rights of the parties in customer inputs and service outputs....
Why it matters: This provision determines whether enterprise customers hold rights in AI-generated outputs they receive from the platform, which is operationally significant for organizations that intend to use or commercialize those outputs in products, services, or internal workflows....
-
Perplexity AI
· Perplexity Enterprise Terms
The agreement reserves Perplexity's right to suspend or terminate enterprise account access under defined conditions, including violations of the acceptable use policy, non-payment, or other material breaches of the agreement....
Why it matters: This provision establishes the conditions under which Perplexity may discontinue service to an enterprise customer, which is operationally significant for organizations that have integrated the platform into business-critical workflows....
-
Perplexity AI
· Perplexity Enterprise Terms
The agreement establishes caps on Perplexity's financial liability to enterprise customers for losses arising from service failures, AI output inaccuracies, or other claims under the agreement, typically limiting recovery to fees paid within a defined preceding period....
Why it matters: This provision defines the maximum financial exposure Perplexity accepts under the agreement, which is operationally significant for enterprise customers assessing the adequacy of contractual recourse relative to their reliance on the platform....
-
Perplexity AI
· Perplexity Enterprise Terms
The agreement establishes mutual or one-way confidentiality obligations governing the treatment of proprietary business information exchanged between Perplexity and enterprise customers, including restrictions on disclosure and use of confidential information....
Why it matters: This provision governs how enterprise customers' proprietary business information submitted through or in connection with the platform is treated, which is operationally significant for organizations deploying the service in contexts involving trade secrets, client data, or sensitive business information....
-
Perplexity AI
· Perplexity Enterprise Terms
The agreement specifies the governing law and jurisdiction for disputes arising between Perplexity and enterprise customers, typically designating a US state (likely California or Delaware) and establishing the forum for dispute resolution, which may include arbitration or litigation in specified courts....
Why it matters: This provision establishes the legal framework under which contractual disputes between Perplexity and enterprise customers are resolved, which is operationally significant for non-US enterprise customers who may face practical and legal barriers to pursuing claims in a US forum....
-
SoFi
· SoFi Privacy Notice
The policy hub page states that SoFi collects, discloses, and uses personal information received about users across its financial products and services, with detailed policies governing specific product lines including banking, lending, investing, and insurance....
Why it matters: As a financial services entity offering banking, lending, and investment products, the scope of data collection authorized across these product lines engages both GLBA nonpublic personal information requirements and CCPA personal information categories, creating distinct obligations for each data type and product context....
-
SoFi
· SoFi Privacy Notice
The page implements a 'Your privacy options' link in the footer that, for unauthenticated users, opens the OneTrust preference center to manage consent and opt-out selections, while authenticated users are directed to their SoFi account privacy preferences in profile settings....
Why it matters: This provision documents the operational mechanism through which SoFi provides California residents and other users with the ability to opt out of sale and sharing of personal information, consistent with CCPA and CPRA requirements for accessible opt-out mechanisms....
-
SoFi
· SoFi Privacy Notice
The page code checks whether a user has an active session and routes privacy preference management accordingly: unauthenticated users are directed to the OneTrust preference center, while authenticated users are directed to their SoFi account profile privacy settings....
Why it matters: This routing mechanism creates two distinct technical pathways for privacy preference management, which compliance teams should verify produce equivalent opt-out outcomes and that both pathways propagate consent signals to the same set of data sharing partners....
-
OpenSea
· OpenSea Privacy Policy
The policy discloses that OpenSea collects wallet addresses and records of NFT transactions conducted on its platform, and acknowledges that blockchain transactions are publicly visible and cannot be made private through the platform's privacy controls....
Why it matters: This provision establishes that wallet addresses are treated as personal data subject to the policy's terms, while simultaneously acknowledging that on-chain activity is publicly accessible by the nature of blockchain infrastructure, which creates a practical boundary on the scope of privacy rights OpenSea can fulfill with respect to transaction data that exists on public ledgers....
-
OpenSea
· OpenSea Privacy Policy
The policy authorizes OpenSea to share user personal data including browsing activity, device identifiers, and usage data with third-party advertising partners and analytics providers for purposes including targeted advertising and platform performance measurement....
Why it matters: This provision authorizes disclosure of behavioral and device data to third parties for advertising and analytics purposes, which engages GDPR lawful basis requirements for EEA users and CCPA opt-out of sale or sharing rights for California residents....
-
OpenSea
· OpenSea Privacy Policy
The policy states that personal data may be transferred to a successor entity in connection with a merger, acquisition, bankruptcy, or sale of all or substantially all of OpenSea's assets....
Why it matters: This provision reserves the right to transfer all collected personal data to a third party in the event of a corporate transaction, which may result in user data being governed by a different privacy policy without additional consent being obtained prior to transfer....
-
OpenSea
· OpenSea Privacy Policy
The policy provides California residents with rights under the CCPA and CPRA including the right to know, right to delete, right to correct, right to opt out of sale or sharing of personal information, and right to non-discrimination for exercising these rights....
Why it matters: This provision establishes specific procedural rights for California residents, including the right to opt out of the sharing of personal data with advertising partners, which requires OpenSea to provide a functional opt-out mechanism and to honor Global Privacy Control signals where required under California law....
-
OpenSea
· OpenSea Privacy Policy
The policy provides EEA and UK users with data subject rights under GDPR and UK GDPR including rights to access, rectification, erasure, restriction of processing, data portability, and objection to processing, and discloses the lawful bases relied upon for processing personal data....
Why it matters: This provision establishes GDPR-based rights for EEA and UK users and requires OpenSea to identify the lawful basis for each category of processing, which creates obligations around consent management, legitimate interests assessments, and response procedures for data subject requests....
-
Ancestry
· Ancestry Terms and Conditions
Ancestry subscriptions automatically renew at the end of each subscription period and the payment method on file is charged for the renewal fee unless the user cancels before the renewal date....
Why it matters: This provision authorizes recurring charges to users' payment methods without additional affirmative action at each renewal period; users must proactively cancel before the renewal date to avoid being charged for subsequent subscription periods....
-
Ancestry
· Ancestry Terms and Conditions
Users agree to defend and indemnify Ancestry and its personnel against claims, liabilities, damages, and attorneys' fees arising from the user's use of the services or violation of the terms....
Why it matters: This provision places financial responsibility on users for claims arising from their use of the services or violations of the terms, including the cost of legal defense and attorneys' fees, which can create significant financial exposure for individual users....
-
Ancestry
· Ancestry Terms and Conditions
Content submitted to public areas of Ancestry's platform may be viewed and shared by other Ancestry subscribers as part of the service, and users acknowledge this by submitting such content....
Why it matters: This provision establishes that genealogical content, family history records, and related personal data submitted to public areas of the platform is accessible and shareable by other platform subscribers, which has implications for the privacy of individuals named or depicted in submitted content who may not themselves be Ancestry users....
-
Ancestry
· Ancestry Terms and Conditions
The agreement limits Ancestry's liability to exclude indirect, incidental, special, consequential, and punitive damages, including loss of data, arising from use of the services, to the fullest extent permitted by law....
Why it matters: This provision limits the categories of damages users may recover from Ancestry in connection with service-related harm, including loss of data, and operates to the fullest extent permitted by applicable law, meaning enforceability may vary by jurisdiction....